An error occurred:

Check: TANS-SV-000007

Tanium 7.0 STIG: TANS-SV-000007 (in versions v1 r2 through v1 r1)

Title

The Tanium documentation identifying recognized and trusted IOC Detect streams must be maintained. (Cat II impact)

Discussion

An IOC stream is a series or "stream" of IOCs that are imported from a vendor based on a subscription service. An IOC stream can be downloaded manually or on a scheduled basis. The items in an IOC stream can be separately manipulated after they are imported.

Check Content

Consult with the Tanium System Administrator to determine if the "Tanium Detect" module is being used. If it is not, this is "Not Applicable". Review the documented list of IOC trusted stream sources. If the site does use an external source for IOCs and the IOC trusted stream source is not documented, this is a finding.

Fix Text

Consult with the Tanium System Administrator to determine if the "Tanium Detect" module is being used. If it is not, this is "Not Applicable". Prepare and maintain documentation identifying the Tanium IOC trusted stream sources.

Additional Identifiers

Rule ID: SV-93375r1_rule

Vulnerability ID: V-78669

Group Title: SRG-APP-000039

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.
Number Definition
CCI-001414

The information system enforces approved authorizations for controlling the flow of information between interconnected systems based on organization-defined information flow control policies.

Controls

Controls tied to check. These are derived from the CCIs shown above.
Number Title
AC-4

Information Flow Enforcement